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Washington, D. C. 20231 
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SECOND PRELIMINARY AMENDMENT 

Please amend the above-identified patent 
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IN THE TITLE - 

Delete the title and replace with: 

--METHOD FOR AUTHENTICATION OF A STRING OF INPUT 
CHARACTERS--. 

14 November 2001 



Respectfully submitted. 
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IN THE UNITED STATES 
PATENT AND TRADEMARK OFFICE 

PATENT APPLICATION 

Applicants: MULLER, Frank; PRINS, Sharon Christie Lesley; 
ROELOFSEN, Gerrit 

International Application No.; PCT/EPOO/02617 

International Filing Date: 23 March 2000 

Priority Date Claimed: 01 April 1999 

Case: PTT-124 (402562US> 

Title: METHOD FOR ENCIPHERING A SERIES OF SYMBOLS APPLYING A 
FUNCTION AND A KEY 

Commissioner for Patents 
BOX PCT 

Washington, D. C. 20231 
SIR: 

PRELIMINARY AMENDMENT 

Please amend the above-identified patent 
application which is simultaneously filed herewith, as 
follows : 

IN THE CLAIMS - 

To facilitate entry of the following changes, the Applicants 
have also submitted herewith substitute/clean pages 
providing all the pending claims, as they now stand. 

Delete claims 1-8 and substitute therefore the following 
claims : 



1 — 9. Method for authentication of a string of input 

2 characters by means of an enciphering function enabled for 

3 enciphering said string of input characters under control of 

4 a string of key characters, comprising the steps of: 

5 modifying, by application of a modification function, 

6 under control of a string of modification characters, said 

7 enciphering function; 

8 enciphering, by application of an enciphering function, 

9 under control of said string of key characters, said string 

10 of input characters, 

11 CHARACTERIZED in that 

12 said modification function is applied initially, prior 

13 to said application of the enciphering function; and 

14 said initially applied modification function modifies 

15 the enciphering function under control of modification 

16 characters which are derived from said string of input 

17 characters. 

1 10. Method according to claim 9, characterized in that said 

2 modification characters are also derived from said string of 

3 key characters. 

1 11. Method according to claim 9, characterized in that the 

2 modification function comprises the replacement of a 

3 character of the string of modification characters, by a 

4 replacement character obtained by an addition of two or more 

5 characters of the string of modification characters modulo 

6 the nuxtiber of possible different characters. 

1 12. Method according to claim 9, characterized in that the 

2 modification function comprises the modification of sequence 
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3 numbers of two or more of the characters of the string of 

4 modification characters. 

1 13. Method according to claim 9^ characterized in that, for 

2 the modification of the function^ there is used as an 

3 initial function the function which was used earlier for 

4 determining an earlier string of output characters. 

1 14, Method according to claim 9, characterized in that the 

Q 2 function is a substitution function, 

y 1 15. Method according to claim 9, characterized in that the 

2 2 function is a non-invertible function. 

1 16. Method according to claim 9^. characterized in that the 

^ 2 function comprises a substitution box containing 

3 replacement characters for the characters of the string of 

\M 4 input characters, and the modification function containing 

5 the exchange, depending on the string of modification 

6 characters, of two or more characters of the substitute box. 

1 17. Method according to claim 10, characterized in that the 

2 modification function comprises the replacement of a 

3 character of the string of modification characters, by a 

4 replacement character obtained by an addition of two or more 

5 characters of the string of modification characters modulo 

6 the number of possible different characters. — . 



REMARKS 

The foregoing amendment is made to conform the 
claims in the application to that amended in the 
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International Preliminary Examination Report, to delete 
multiple dependent claims and to correct minor typographical 
errors , 

Respectfully submitted, 



25 September 2001 



Peter L. Michaelson, Attorney 
Reg. No. 30,090 
Customer No. 007265 
(732) 530-6671 



MICHAELSON ^ WALLACE 
Counselors at Law 
Parkway 109 Office Center 
32 8 Newman Springs Road 
P.O. Box 8489 

Red Bank, New Jersey 07701 
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Mail Post Office to Addressee'' service under 37 CFR 1.10 on 
the date indicated above and is addressed to the 
Commissioner for Patents, BOX PCT, Washington, D.C. 20231, 



Signature of person making certification 

Peter L. MICHAELSON 

Name of person making certification 
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Method for authentication of a string of input characters 



The invention relates to a method according to the preamble of claim 



method, the function {"algorithm") applied for enciphering consists of a 
non-linear function formed by a substitution box ("S box") generated as a 
function of the key. The document provides no further description of the 
way in which the substitution box is generated. For obtaining good 

10 statistical properties of the output of the substitution box with respect 
to variable import r a string of characters obtained by applying the 
substitution box are combined with just as long a string of statistically 
well-distributed characters. The string of characters obtained in this 
connection may be used for enciphering a string of input characters to be 

15 enciphered in an enciphered string of output characters. By applying a 
key-dependent substitution box instead of a permanent substitution box, 
the enciphering function is reinforced. 

An objection to the known method is that, when there is 
substantially always used the same key, said reinforcement of the 

20 enciphering function in practice is appreciably annihilated. Such may 

occur, e.g., upon authentication when using a chip card, such as a calling 
card and a GSM card. 

The object of the invention is to exclude the drawbacks of the known 
method. To this end, the invention provides a method as described in 

25 claim 1. 

The sender of the enciphered string of output characters and the 
receiver of said series must both dispose of the same key and the string 
of input characters used for enciphering, at any rate the portion of the 
latter series used for modifying the function. As a result, the method is 

30 particularly suited for authentication, the receiver of an enciphered 

string of characters being capable of checking whether a sender having an 
identity suggested to the receiver has utilised a corresponding key, and 
in the event of a positive outcome of said check, the identity of the 
sender is ensured to the receiver. 

35 The string of characters used for modifying the function are 

particularly variable and are, e.g., a challenge number generated per 
session, any (different) number, or a variable attribute of the sender, 
such as a balance kept up to date on a chip card. 



40 function, the receiver of the enciphered string of characters may carry 



1. 



5 



A method of said type is disclosed in EP-A-0399587 . With the known 



If the non-linear function used for enciphering were an invertible 
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out said check using the same function, the same key and the received 
string of characters as an input for the function. The result must be 
equal to the string of input characters used for enciphering. 
Since the receiver may also carry out the check by executing the same 
5 operations as the ones carried out by the sender, the series received by 
the receiver having to be equal to the series generated by the receiver. 
In such case, it is not required that the function be an invertible 
function, as a result of which, in the event of the complexity remaining 
constant, there may be realised a stronger enciphering function which is 
10 more resistant against attacks. 

The function applied to enciphering preferably is a non-linear 
function which may be formed by way of a substitution box or a 
cryptographic function, such as a function in which, depending on the 
input and the key, specific operations are carried out or not. 

xt is noted that EP0801477 discloses an encryption method in which 
an "internal state" is controlling an encryption function which, in each 
encryption round, modifies the encryption function. According to the 
present invention, the encryption function is modified only once, in an 
initial step, while always, after the initial modification, the same 
20 encryption function is used in every new encryption round. Contrary to 
that in the known method the encryption function is modified in every 
encryption round. Further, in the known method the encryption function is 
not modified on the basis of the input text. According to the present 
invetnion the input text forms an essential parameter in modifying the 
25 encryption function. 

Next, it is noted that US4979832 discloses an enciphering method in 
which a pseudo-random input string is added to an encryption function. The 
pseudo-random string used in the encryption function also has to be 
available in the decryption process. In the known method the encryption 
30 function is dynamically (continuously) modified during the encryption 

processes. This is essential in the method according otherwise the system 
would be highly insecure. According to the present invention, however, 
there is only an initial modification of the encryption function, prior to 
the encryption process itself. Consequently, during the subsequent 
35 encryption process the encryption function is not changed any more. The 
known method is aimed at encryption/decryption. The method according to 
the invention is specifically designed for authentication and even can in 
practice not be used for encryption/decryption. 
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Further properties and advantages of the invention will become clear from 
the explanation following below of embodiments of the invention in 
conjunction with the enclosed drawings, in which: 

FIG. 1 shows a diagram of a Jcnown enciphering function; 

5 FIG.T^shows a diagram of a first embodiment of the invention; 

FIG. 3 shows a flow diagram for the operation of the embodiment 
according to FIG. 2; and 

FIG. 4 shows a different embodiment of the invention. 
By way of a^ock 1, FIG. 1 presents a known enciphering function (or 

10 encryption function). The enciphering function utilises one or more 
functions 2, also presented by blocks. Assuming a string of input 
characters IN 3 to be enciphered, the enciphering function using a secret 
key 4 determines an enciphered string of output characters EXIT 5. The 
known enciphering function DES [= Data Encryption Standard] operates 

15 according to said principle, eight non-linear functions being used which 
are formed by substitution boxes ("S boxes"). The invention is not 
limited, however, to the DES function; neither is it limited to using non- 
linear functions and substitution boxes for the functions. 

FIG. 2 shows a diagram of an enciphering function 7 based on the 

20 enciphering function of FIG. 1 according to the invention. The functions 
are indicated by reference numeral 8. The functions 8 may be modified by 
applying an associated reference function 9 based on the string of input 
characters IN 3 or part thereof. The modification functions 9 need not be 
equal . 

25 Below, the operation of the enciphering function of FIG. 2 will be 

explained with reference to the flow diagram of FIG. 3, 

A modification function 9 modifies the function 8 based on a string 
of modification characters initially derived from the string of input 
characters IN 3 (block 11 ) .Modifying the function 8 takes place in several 
30 steps, namely, the steps n=0 to n=Nmax inclusive, Nmax being permitted to 
be permanent or also depending on, e.g., the series IN 3. That is why, at 
the start of the modification of the function 8, a step counter is reset 
(block 12). Subsequently, the function 8 is modified, based on the value 
of n and the modification series (block 13). Then the number of steps 
35 counted is incremented by 1 (block 14 ). Subsequently, it is checked whether 
the function 8 has already been modified the maximum number of times 
(block 15). When this condition is met, the modification of the function 8 

is terminated; otherwise the string of modification characters are 
modified (step 16) and the function 8 is modified once again based on the 
40 new value of n and the modified string of modification characters (step 
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13), In Box I following below, an example is given for the operation of the 
enciphering function 7 shown in FIG, 2. 
TABLE I 



Step 
n 


String of modification 
characters for n>0 
x(2):= 
(x(0) + x(l) )mod8 


From step n=0, 
exchange y(nmod8) and y(x(0)) 

i 01234567 
y(i) 30576412 


x(0) x(l) x(2) 


n 


5 2 3 


10576112 


1 


2 3 7 


4ili76312 


9 


3 7 5 


4 5 2 6 3 1 2 


-3 


7 5 2 


457Z631£ 


A 

H 


5 2 4 


45721^10 


5 


2 4 7 


45^23210 


6 


4 7 6 


45621720 


7 


7 6 3 


456217311 


8 


6 3 5 


1562A730 


9 


3 5 1 


1265.4730 



It is assumed that the set of characters comprises eight characters, shown 
5 in the Table with the numerals 0 to 7 inclusive. It is further assumed 
that the function 8 is formed by a substitution box. Said box may be 
realised by a rewritable memory having eight memory locations containing 
addresses or sequential numbers 1=0,.. 7. The memory locations each 
comprise one of the characters, each character figuring only once in the 
10 memory locations. In Table I, the content of a memory location having 
address or sequential number i is indicated by y(i). Initially, the 
memory locations for i==0,..7 contain the characters 3, 0, 5, 7, 6, 4, 1, 
2, respectively. Said string of characters form an initial substitution 
box. A character of a string of characters to be enciphered is considered 
15 to be address or sequential number i, and is replaced by the character in 
the memory location having said address. According to the initial 
substitution box of Table I, e.g., 0 is therefore replaced by 3, 1 by 0, 2 
by 5, . . . , 7 by 2. 

Before a string of characters to be enciphered are actually 
20 enciphered, according to the invention the initial substitution box is 

modified first. According to the example of Table I, modification takes 
place in ten steps (step n=0 to n=Nmax inclusive). The modification takes 
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place depending on the characters of the string of characters to be 
enciphered, at any rate of several characters thereof. In Table I, the 
characters to be enciphered which are used for the modification of the 
substitution box are the characters 5^ 2 and 3 indicated at step n=0, 
5 Said characters are allotted to variables x(0), x(l) and x(2), 
respectively. 

During the first step with n=0, the character y{n), i.e., the 
character 3 of memory location 0, is exchanged with the character y{x(0}), 
namely, character 4 of location x(0)-5. In Table I, for clarity's sake, 
10 the exchanged characters of the substitution box of eight characters are 
underlined for each of the ten steps n^O, ...9. 

Subsequently, there is calculated an auxiliary variable h, which is 
equal to: 

h=(x(0}+x{l) ) modulo (the number of possible characters), 
^^^^ 15 or in the example 

J h=<x(0}+x(l) ) modulo 8. 

l:^ Subsequently, the characters of the string of modification 

\M characters x(0), x(l) and x(2) are replaced as follows (":=" means 

"becomes", i.e,, an allotment). 
M 20 x(0):=x(l), 
it x(l):-x{2), and 

x(2}:-h. 

For each step, modifying characters based on the step number and the 
characters of the string of modification characters are repeated a 
25 suitable number of times, in the example of Table I Nmax+l«10 times. At 
the end of said modification function, the initial substitution box: 
3, 0, 5, 7, 6, 4, 1, 2 

has been replaced by a final substitution box: 
1, 2, 6, 5, 4, 7, 3, 0. 
30 Subsequently, the characters of an input series to be enciphered 

may, according to the order of the characters in the eventual substitution 
box, be replaced for providing an output string of enciphered characters. 
As a result, in the example the string of input characters 5, 2, 3 are 
replaced by 7, 6, 5, respectively. Said string of output characters are 
35 used for possible further steps of the enciphering function, 

FIG. 4 shows the diagram of an enciphering function 18 which differs 
from the enciphering function 5 of FIG. 2 in that the modification 
function 9 is replaced by a modification function 19. Just as the 
modification function 9, the modification function 19 depends on a number 
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of characters IN 3 to be enciphered, but in addition on a number of 
characters of the key 4. 

Table II offers an example of the operation of the modification 

function 19, 

TABLE II 





Step 
n 


String of modification 
characters for n>0 
x(2) :-(x(0) + x(l) )mod8 


From step n=0, 
exchange y(nmod8) and 


y(x(0}) 






x(0) x(2) 
x(l) 


x(4) 
x{3) 




i 


0 1 
o u 


2 

c; 

■J 


7 


4 


4 


b 
1 


/ 
2 




0 


5 


2 


3 


2 


4 




1 


0 


5 


7 


6 


1 


1 2 


„ 


1 


2 


3 


2 


4 


7 




4 






7 


6 


3 


1 2 




2 


3 


2 


4 


7 


5 




4 


5 


7 


H 


6 


3 


1 2 




3 


2 


4 


7 


5 


5 




4 


5 




2 


6 


3 


1 2 




4 


4 


7 


5 


5 


6 




4 


5 


0 


7 


£ 


3 


1 2 




5 


7 


5 


5 


6 


3 




4 


5 


0 


7 


6 


2 


1 1 




6 


5 


5 


6 


3 


5 




4 


5 


0 


7 


6 


1 


2 3 




7 


5 


6 


3 


5 


2 




4 


5 


0 


7 


6 


1 


2 1 




8 


6 


3 


5 


2 


3 




2 


5 


0 


7 


6 


3 


A 1 




9 


3 


5 


2 


3 


1 




2 


2 


0 




6 


3 


4 1 



Table II differs from Table I only in that the string of 
modification characters x(0), x(l), x(2) are completed by x(3), x{4). The 
characters x('3) and x(4) are derived from the key 4. In the example of 



10 Table Ilr the initial string of modification characters is 5, 2, 3, 2, 4, 
According to Table II, the eventual substitution box is: 
2, 7, 0, 5, 6, 3, 4, 1. 
The string of input characters IN 3 having the characters 5, 2, 3 is 
replaced, according to said eventual substitution box, by the enciphered 
15 string of output characters EXIT 20 having the characters 3, 0, 5. 

The characters of the initial substitution box may be sorted at 
random for as long as both the sender of a string of enciphered characters 
UIT 5 and the receiver of the string of enciphered characters use the same 
initial substitution box. If it is possible to always meet said 
20 condition, the enciphering function may be reinforced by using, as an 
initial substitution box, a substitution box used during a preceding 
enciphering process, e.g., the most recently used eventual substitution 
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box. If there is a danger that said condition is not always met, it may 
be provided that the receiver of the string of enciphered characters 5 
recalls several of such preceding substitution boxes and uses an older one 
thereof if deciphering the series received leads to a negative check 
5 result. 

Since, both during enciphering a string of characters and during 
deciphering thereof, the keys used must be equal and knowledge must be 
available on the string of enciphered characters IN 3, the receiver of the 
enciphered series may carry out exactly the same operation, i.e., 
10 enciphering, as the receiver has carried out, and compare the results to 
one another. In this event, a non-invertibie function may be used for the 
function which, in the event of constant complexity, makes a stronger 
enciphering function possible. 

The modification functions explained in conjunction with Tables I 
15 and II serve only as an example. For modifying the string of modification 
characters there may be applied, e.g., for each step, more than two and/or 
, a different number of modulo additions, and the characters of the 
modification series may be rearranged in other ways instead of by way of 
simple shifting. 
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CLAIMS 

1. Method for authentication of a string of input characters (3) by 
means of an enciphering function {2, 8) enabled for enciphering said 

5 string of input characters under control of a string of key characters 
(4), comprising the steps of: 

• modifying, by application of a modification function, under control of 
a string of modification characters^ said enciphering function; 

• enciphering, by application of an enciphering function, under control 
10 of said string of key characters (4), said string of input characters, 

CHARACTERISED in that 

• said modification function (9, 19) is applied initially, prior to said 
application of the enciphering function and 

• said initially applied modification function modifies the enciphering 
15 function (8) under control of modification characters which are derived 

from said string of input characters (3). 

2. Method according to claim 1, characterised in that said modification 
characters are also derived from said string of key characters (4), 

20 

3. Method according to claim 1 or 2, characterised in that the 
modification function (9, 19) comprises the replacement of a character of 
the string of modification characters, by a replacement character obtained 
by an addition of two or more characters of the string of modification 

25 characters modulo the number of possible different characters. 

4. Method according to any preceding claim, characterised in that the 
modification function (9, 19) comprises the modification of sequence 
numbers of two or more of the characters of the string of modification 

30 characters. 

5. Method according to any preceding claim, characterised in that, for 
the modification of the function, there is used as an initial function the 
function which was used earlier for determining an earlier string of 

35 output characters (5, 20). 
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6. Method according to any preceding claim^ characterised in that the 
function is a substitution function. 

7. Method according to any of the claims 1 to 5 inclusive, 

5 characterised in that the function is a non-invertibie function. 

B. Method according to any of the preceding claims, characterised in 
that the function comprises a substitution box containing replacement 
characters for the characters of the string of input characters^ and the 
10 modification function containing the exchange, depending on the string of 
modification characters, of two or more characters of the substitution 
box. 
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